People use passwords and other personal authentication inputs frequently when accessing resources such as accounts, computers, and so forth. For example, a person may use a username, a password, and/or a personal identification number (PIN) to gain access to various digital accounts such as a bank account, an email account, and other personal information. Some entities use personal questions to verify an identity of a person requesting accesses to a restricted resource in addition to (or in lieu of) usernames/passwords. For example, a familiar personal question may ask for a maiden name of the requester's mother. In some instances, personal questions are used to recover a forgotten password.
Some people advise use of unique passwords for important accounts. A cautious person may use many unique combinations of usernames/passwords to gain access to an array of resources. This may limit a potential unauthorized access to other resources if the person's username and password for a given resource become known (e.g., a security breach by hackers, etc.) However, this imposes a difficult task for the person to remember and manage their passwords, secret answers, and so forth.
In addition, many resources impose unique personal questions which require the person to enter (and remember) personal question responses. Unfortunately, some personal questions may be ambiguous and/or and not direct the person to enter the exact personal question response upon presentation of the personal question.
Often, a guess limit is imposed by a resource when the person repeatedly enters an incorrect password or personal question response. For example, after five incorrect attempts, a resource may direct the person to an alternative method to gain access to the restricted resource, lock the resource for a predetermined amount of time, or take other action to limit improper or unauthorized access to the resource. In some instances, a person may reach a guess limit despite knowing the requested information, such as when the person repeatedly makes data entry mistakes or for other reasons, which may inconvenience the person, waste time, and impose an expense to pursue other resource access alternatives (e.g., calling a help desk).
Entities that control or design resources attempt to make it difficult for unauthorized users to gain access to their resources. The entities may take approaches to making it difficult to guess a person's username, password, PIN, or personal question response. For example, entities may use multiple personal questions when verifying the identity of a person. In this way, it would be difficult for an unauthorized person to correctly guess the correct response to multiple personal questions. However, entities must balance employing time-consuming and extensive security processes with allowing authorized people to have access to the resources.